|
This week, I bring you an important update we’ve just received on email security, adjust expectations for the future of email communication, and provide alternatives to consider. With a tall order at hand, I aim to keep this email concise, so let’s dive in.
WHAT’S THE NEWS?
An essential layer of our security stack is provided by an industry leader in email security with access to vast data and an up-to-date view of trends. They equip us with the means to monitor suspicious account activities such as suspicious login events and unexpected mailbox configuration changes. While they regularly observe shifts and swings, for the first time, they’ve communicated the following warning to us: “Beginning on March 7th, our systems witnessed an increase of over 50% (above late February average activity) on event types indicating password spray, brute force, and non-interactive sign-in attacks – and this trend has continued throughout the day today (March 8th) and to present.”
WHAT DOES IT MEAN?
In simpler terms, there’s a significantly heightened effort to breach email accounts. With the information provided in the remainder of this message, which I haven’t included here, it’s evident that nation-state-sponsored hacking cells aren’t solely targeting high-value individuals or opting for low-hanging fruit. Instead, they’re focusing on small businesses with some cybersecurity measures in place to cause economic harm.
WHY IS THIS HAPPENING?
As ongoing attacks against Microsoft by Russia and recently reported leaks from Google intensify, targeting US businesses becomes a lucrative and geopolitically advantageous profession in numerous countries. Nation-state-sponsored hacking groups receive funding, evade legal prosecution, and revel in the thrill of illicit activities, making this a popular profession.
WHAT TO EXPECT
Expect email communications to become even more challenging than they are today. The cat-and-mouse game between email security systems and hackers attempting to circumvent them will intensify. This may result in some dangerous emails slipping through, highlighting the importance of user education. As sensitivity for email security services increases, legitimate emails may get caught in the crossfire, making it essential to review your email security service notifications for flagged emails. Email remains the prime target for hackers, as it is the primary means of conducting business.
WHAT TO DO?
Quality communication is a critical component of any relationship, including business relationships. Therefore, its collapse could be catastrophic. It’s worth every effort to adapt and improve to this new reality in which email is no longer the best way to communicate. When feasible, consider migrating client communications to messaging platforms such as Slack, Microsoft Teams, or Google Chat. These services offer quicker message delivery, and although there are still cyber threats against them, they are significantly fewer compared to email. Whether it’s a group conversation on an ongoing project or a direct communication, invite your clients and vendors to your messaging platforms or join theirs. As for the world of email, there isn’t much we can do other than wait for industry giants such as Microsoft and Google to bring about a new revolution or for hackers to lose interest. Given the current landscape, neither seems likely to happen anytime soon.
Stay tuned for a more fun read next week, that’s a promise!
– Burak Sarac, Team Lead
|
